B. Alerts can be seen in the Threat Prevention policy.
C. Alerts can be seen in SmartUpdate.
D. Alerts can be seen from the CLI of the gateway.
Correct Answer: A
Alerts can be viewed in SmartView Monitor, which is a graphical tool that provides real-time information about the network and security activities, such as traffic, VPN tunnels, threats, and performance. References: Check Point R81 Security Management Administration Guide, page 25.
Question 372:
What is the purpose of the CPCA process?
A. Monitoring the status of processes
B. Sending and receiving logs
C. Communication between GUI clients and the SmartCenter server
D. Generating and modifying certificates
Correct Answer: D
The purpose of the CPCA process is generating and modifying certificates. CPCA stands for Check Point Certificate Authority and it is a process that runs on the Security Management Server or Log Server. It is responsible for creating and managing certificates for internal communication between Check Point components, such as SIC.
References: [Check Point R81 Quantum Security Management Administration Guide], [Check Point R81 Quantum Security Gateway Guide]
Question 373:
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
A. Log, send SNMP trap, email
B. Drop packet, alert, none
C. Log, alert, none
D. Log, allow packets, email
Correct Answer: C
The tracking actions that can be selected when configuring Spoof Tracking are Log, alert, none. Spoof Tracking is a feature that detects packets with spoofed source IP addresses and logs them in SmartView Tracker. The administrator can choose to log only, log and alert, or do nothing when spoofed packets are detected. The other options are not valid tracking actions for Spoof Tracking, as they are either not available or not relevant for this feature.
Question 374:
Fill in the blank: Authentication rules are defined for ____________.
A. User groups
B. Users using UserCheck
C. Individual users
D. All users in the database
Correct Answer: A
Authentication rules are defined for user groups rather than individual users. To define authentication rules, you must first define users and groups. You can define users with the Check Point user database, or with an external server, such as LDAP. UserCheck is a feature that enables user interaction with security events. Individual users and all users in the database are not valid options for defining authentication rules. References: How to Configure Client Authentication, UserCheck
Question 375:
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
A. RADIUS
B. Check Point password
C. Security questions
D. SecurID
Correct Answer: C
Security questions are not an authentication scheme used for accounts created through SmartConsole. The available authentication schemes are Check Point password, RADIUS, TACACS, SecurID, LDAP, and Certificate. References: Check Point R81 Security Management Administration Guide
Question 376:
Which of the following is considered to be the more secure and preferred VPN authentication method?
A. Password
B. Certificate
C. MD5
D. Pre-shared secret
Correct Answer: B
Certificate-based authentication is considered to be the more secure and preferred VPN authentication method. It uses digital certificates to verify the identity of the VPN client and server, and provides stronger encryption and mutual authentication. Password-based authentication methods are less secure and more vulnerable to brute-force attacks, phishing, and keylogging. MD5 is a hashing algorithm, not an authentication method. Pre-shared secret is a symmetric key that is shared between the VPN peers, but it can be compromised if it is not changed frequently or stored securely. References: VPN authentication options, Windows VPN technical guide
Question 377:
Which of the following is used to extract state related information from packets and store that information in state tables?
A. STATE Engine
B. TRACK Engine
C. RECORD Engine
D. INSPECT Engine
Correct Answer: D
The INSPECT Engine is the core component of Check Point's Stateful Inspection technology. It is used to extract state related information from packets and store that information in state tables. The INSPECT Engine also evaluates the security policy and enforces it on the packets. References: Check Point R81 Security Gateway Technical Administration Guide
Question 378:
In SmartConsole, on which tab are Permissions and Administrators defined?
A. Manage and Settings
B. Logs and Monitor
C. Security Policies
D. Gateways and Servers
Correct Answer: A
Permissions and Administrators are defined on the Manage and Settings tab in SmartConsole. This tab allows you to create and manage administrator accounts, roles, permissions, and authentication methods for accessing SmartConsole and other Check Point management interfaces. References: Check Point R81 Security Management Administration Guide
Question 379:
Identify the ports on which the Client Authentication daemon listens by default.
A. 259, 900
B. 256, 257
C. 8080, 529
D. 80, 256
Correct Answer: A
The ports on which the Client Authentication daemon listens by default are 259 and 900. Client Authentication is a method that allows users to authenticate with the Security Gateway before they are allowed access to protected resources. The Client Authentication daemon (fwauthd) runs on the Security Gateway and listens for authentication requests on TCP ports 259 and 900. References: [Check Point R81 Remote Access VPN Administration Guide], [Check Point R81 Quantum Security Gateway Guide]
Question 380:
What is the order of NAT priorities?
A. IP pool NAT, static NAT, hide NAT
B. Static NAT, hide NAT, IP pool NAT
C. Static NAT, IP pool NAT, hide NAT
D. Static NAT, automatic NAT, hide NAT
Correct Answer: C
The order of NAT priorities is Static NAT, IP pool NAT, and hide NAT. Static NAT has the highest priority because it is a one-to-one mapping of a private IP address to a public IP address. IP pool NAT has the second highest priority because it is a one-to-many mapping of a private IP address to a pool of public IP addresses. Hide NAT has the lowest priority because it is a many-to-one mapping of multiple private IP addresses to a single public IP address.
References: Check Point R81 Security Gateway Administration Guide, page 23.